CONTEXT-AWARE ROLE-BASED ACCESS CONTROL SYSTEM AND CONTROL METHOD THEREOF

US 20100100941A1
Filed: 02/16/2009
Published: 04/22/2010
Est. Priority Date: 10/22/2008
Status: Active Grant

First Claim

Patent Images

1. A context-aware role-based access control system comprising:

a context-aware user assignment manager (CAUAM) for performing a role assignment function, a role delegation function, or a role revocation function for a user according to a context of the user, based on a preset context request condition;

a context-aware permission assignment manager (CAPAM) for performing a permission modification, a permission restoration, and a personalized permission modification for a permission, which the role has, according to changes in the context of the user;

an information repository for storing a user profile and context information; and

an access control manager (ACM) for controlling the context-aware user assignment manager, the context-aware permission assignment manager, and the information repository, and processing an access control request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A context-aware role-based access control system and a control method thereof. The context-aware role-based access control system includes: a context-aware user assignment manager (CAUAM) for performing a role assignment function, a role delegation function, or a role revocation function for a user according to a context of the user, based on a preset context request condition; a context-aware permission assignment manager (CAPAM) for performing a permission modification, a permission restoration, and a personalized permission modification for a permission, which the role has, according to changes in the context of the user; an information repository for storing a user profile and context information; and an access control manager (ACM) for controlling the context-aware user assignment manager, the context-aware permission assignment manager, and the information repository, and processing an access control request. Accordingly, more efficient access control can be achieved in ubiquitous environments where the context of the user dynamically changes.

26 Citations

View as Search Results

16 Claims

1. A context-aware role-based access control system comprising:
- a context-aware user assignment manager (CAUAM) for performing a role assignment function, a role delegation function, or a role revocation function for a user according to a context of the user, based on a preset context request condition;
  
  a context-aware permission assignment manager (CAPAM) for performing a permission modification, a permission restoration, and a personalized permission modification for a permission, which the role has, according to changes in the context of the user;
  
  an information repository for storing a user profile and context information; and
  
  an access control manager (ACM) for controlling the context-aware user assignment manager, the context-aware permission assignment manager, and the information repository, and processing an access control request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16)
- - 2. The system as claimed in claim 1, wherein the context-aware user assignment manager comprises:
    - an adaptive assignment component (AAC) for assigning the user a role based on a first context request condition, which is preset to grant the user a role according to information on a location and a state of the user;
      
      an adaptive delegation component (ADC) for delegating the role of the user to a different user based on a second context request condition, which is preset for a context in which the role of the user is to be delegated to the different user; and
      
      an adaptive revocation component (ARC) for determining if the assigned or delegated role coincides with the preset context request condition, and revoking the assigned or delegated role when the assigned or delegated role does not coincide with the preset context request condition.
  - 3. The system as claimed in claim 2, wherein the first context request condition is established with the context request conditions, according to a role assignment table (RAT) which is defined in the form of role assignment elements (RAEs).
  - 4. The system as claimed in claim 2, wherein the second context request condition is established with the context request conditions, according to a role delegation table (RDT) in which the context request conditions are defined in the form of role delegation elements (RDEs).
  - 5. The system as claimed in claim 3, wherein the adaptive revocation component checks if the role assignment table/the role delegation table coincides with the first/second context request condition, and revokes a user assignment element from a user assignment table (UAT) when the role assignment table/the role delegation table does not coincide with the first/second context request condition, thereby revoking the assigned or delegated role.
  - 6. The system as claimed in claim 1, wherein the permission assignment manager comprises:
    - an adaptive permission modification component (APMC) for modifying an operation of a permission, which a role granted by the context-aware user assignment manager has, based on a third context request condition preset according to contexts requiring modification;
      
      an adaptive permission restoration component (APRC) for checking if the modified permission coincides with the third context request condition, and restoring the operation of the modified permission to an original state when the modified permission does not coincide with the third context request condition; and
      
      a personalized permission modification component (PPMC) for modifying the permission, which the role assigned to the user has, into a permission highly preferred by the user among permissions for performing an equal operation, by making reference to a user profile.
  - 7. The system as claimed in claim 6, wherein the third context request condition is established with the context request conditions, according to a permission management table (PMT) which is defined in the form of permission management elements (PMEs) for contexts requiring modification.
  - 8. The system as claimed in claim 6, wherein when the modified permission does not coincide with the third context request condition, the adaptive permission restoration component reads the pre-modification permission from a permission queue, and updates the permission assignment table (PAT), thereby restoring the operation of the permission to an original state.
  - 9. The system as claimed in claim 6, wherein the personalized permission modification component (PPMC) updates a permission assignment table with a permission highly preferred by the user, among permissions for performing an equal operation, by making reference to the user profile, thereby modifying the permission into a personalized permission.
  - 10. The system as claimed in claim 1, wherein the information repository comprises:
    - a user profile repository (UPR) for storing a state history of the user, and preference information of the user; and
      
      a context information repository (CIR) for storing the context information acquired from a ubiquitous environment.
  - 11. The system as claimed in claim 1, wherein the access control manager transmits the context information, which is updated, to the information repository.
  - 16. The system as claimed in claim 4, wherein the adaptive revocation component checks if the role assignment table/the role delegation table coincides with the first/second context request condition, and revokes a user assignment element from a user assignment table (UAT) when the role assignment table/the role delegation table does not coincide with the first/second context request condition, thereby revoking the assigned or delegated role.

12. A control method of a context-aware user assignment manager (CAUAM) in a context-aware role-based access control system, the method comprising the steps of:
- assigning a role to a user based on a first context request condition, which is preset to grant the user a role according to information on a location and a state of the user;
  
  checking if a second context request condition, which is preset for a context in which the role of the user is to be delegated to a different user, is satisfied;
  
  creating a user assignment element (UAE) which includes delegator information and a delegator'"'"'s role when the second context request condition is satisfied as a result of the check;
  
  updating a user assignment table (UAT) with the created user assignment element, and delegating the role to the different user;
  
  determining if the assigned or delegated role coincides with the preset context request condition; and
  
  revoking the assigned or delegated role when the assigned or delegated role does not coincide with the preset context request condition as a result of the determination.
- View Dependent Claims (13)
- - 13. The method as claimed in claim 12, wherein the first context request condition is established with the context request conditions, according to a role assignment table (RAT) which is defined in the form of role assignment elements (RAEs);
    - and the second context request condition is established with the context request conditions, according to a role delegation table (RDT) in which the context request conditions are defined in the form of role delegation elements (RDEs).

14. A control method of a context-aware permission assignment manager (CAPAM) in a context-aware role-based access control system, the method comprising the steps of:
- assigning or delegating, by a context-aware user assignment manager, a role suitable for a context of a user;
  
  checking if an operation of a permission, which the assigned or delegated role has, corresponds to a third context request condition which is preset according to contexts requiring modification;
  
  modifying the operation of the permission according to the third context request condition, when the operation of the permission corresponds to the third context request condition as a result of the check;
  
  determining if the modified permission coincides with the third context request condition;
  
  reading the pre-modification permission from a permission queue (PQ), when the modified permission does not coincide with the third context request condition as a result of the determination; and
  
  updating a permission assignment table with the pre-modification permission, and restoring the operation of the permission to an original state.
- View Dependent Claims (15)
- - 15. The method as claimed in claim 14, wherein the third context request condition is established with the context request conditions, according to a permission management table (PMT) which is defined in the form of permission management elements (PMEs) for contexts requiring modification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Discovery Co., Ltd.
Original Assignee
Sungkyunkwan University Foundation For Corporate Collaboration (SungKyunKwan University)
Inventors
Choi, Jung-Hwan, Kang, Dong-Hyun, Song, Chang-Hwan, Jang, Hyun-Su, Kim, Youn-Woo, Eom, Young-Ik

Granted Patent

US 8,387,117 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2137   Time limited access, e.g. t...

CONTEXT-AWARE ROLE-BASED ACCESS CONTROL SYSTEM AND CONTROL METHOD THEREOF

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

CONTEXT-AWARE ROLE-BASED ACCESS CONTROL SYSTEM AND CONTROL METHOD THEREOF

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links